Please keep in mind that I’m not really a C++ developer. I just have started investigating this language a few weeks ago. So treat my answers with skeptic.

Depending on your VS project you either build x86 or x64 binaries and depending on that configuration VS would grab the one or the other boost::regex library as long as
the libs can be found.

Concerning the “Authenticode check failed” issue,
as far as I understood, a npp debug build can be created without a signed scintilla dll but release builds are checking for signed dlls.
Source is this.

You either can change the code to isOK = true; or you create your own certificates.
But how creating a singend scintilla is done I haven’t investigated yet. Not sure I ever will.

@andrecool-68
I found this commit and it looks like that this is the area
where one would need to hack around to create its own key but as said, I don’t really know how this certificates stuff work, yet.

I don’t think that you are missing something regarding the certification process.
It is expected that you cannot build a release version and use it with a non-signed scintilla dll.
Only debug builds can be used in this manner unless you change the code in the release build.

The way it works, as far as I understand, is like this.

You build a release version of scintilla.
You sign the scintilla dll with your private key.
You put the public key, which is one result from signing the dll, into notepad++ and build the release version.
Now on startup, I assume, it won’t report that error.

The exact details on how to do it, I haven’t figured out yet.
There are still too many open questions for me about the whole PKI thinggy.